code Archives

AppWizard

May 6, 2026

Google expands Android Binary Transparency to counter supply chain attacks

Supply chain attacks targeting mobile software have increased due to the reliance on smartphones for essential functions. In response, Google has launched an enhanced Binary Transparency program for Android, which includes a public ledger that records cryptographic entries for production applications. This program initially covers two software layers: Google Applications and Mainline Modules. For Pixel device owners, it complements the Pixel System Image Transparency feature introduced in 2023, allowing users to verify the authenticity of system images and Google applications. The program aims to address the gap in software trust by distinguishing between digital signatures, which confirm the identity of the binary's creator, and binary transparency, which indicates the intent for public release. If a Google-signed application released after May 1, 2026, is not listed in the ledger, it means Google did not authorize it as production software. Verification tools are available on GitHub for assessing software against the ledger. Google employs "defense-in-depth" protocols to mitigate insider risks, ensuring that no single individual can publish a binary without triggering cryptographic verification. The ledger acts as a public record to deter unauthorized modifications. Google is also working to extend Binary Transparency to third-party developers to enhance the security of the global software supply chain.

Winsage

May 6, 2026

Microsoft enables Hotpatching by default: Windows updates without restarts become a reality

Beginning in May 2026, Microsoft will introduce Hotpatching as a default feature for compatible systems, allowing security updates to be applied without requiring a restart. Hotpatching updates code directly in the memory of running processes, enabling selective updates without interrupting the entire system. It does not replace monthly security updates but alters their activation process on eligible systems, categorized as security updates within the monthly B releases. Eligible systems must be running Windows 11 version 24H2 or newer and possess suitable licenses such as Enterprise, Education, Microsoft 365, or Windows 365. Management of these updates will be facilitated through Windows Autopatch or Microsoft Intune. Microsoft will continue to utilize baseline updates that require a restart, which will alternate with Hotpatch months. Hotpatching aims to reduce the frequency of restarts tied to security updates, particularly benefiting environments where uptime is critical. However, planned restarts will still be necessary, and robust telemetry and maintenance practices will be needed to ensure smooth operation.

Winsage

May 6, 2026

Microsoft’s Windows 11 update just fixed memory leaks, slow startup, and File Explorer bugs

Microsoft released the April 2026 optional preview update (KB5083631) for Windows 11, targeting versions 24H2 and 25H2. This update resolves the "white flash" bug in File Explorer, overhauls its codebase, and preserves user settings for View and Sort preferences. It improves the reliability of the explorer.exe process, optimizes the Delivery Optimization service to reduce memory leaks, and enhances the boot sequence for faster startup. The update lifts the FAT32 formatting limit from 32GB to 2TB. It also includes reliability improvements for the Taskbar, fixes for Microsoft Store download errors, resolves a Windows Hello fingerprint data loss issue, enhances Remote Desktop scaling, ensures color profile consistency, and improves the Fluid Dictation feature. The comprehensive improvements will be included in the mandatory Patch Tuesday update on May 12, 2026.

Tech Optimizer

May 5, 2026

Open Source Tamper-Proof Database Adds Immutable Audit Logging and Expands PostgreSQL Compatibility

Codenotary has released immudb 1.11, an open-source database that enhances immutable audit logging and compatibility with PostgreSQL. This version features integrated audit logging that captures database activities in a tamper-proof manner, eliminating the need for external logging systems. It allows organizations to create unalterable audit trails, streamline compliance processes, and maintain a reliable history of data interactions. Immudb 1.11 is compatible with existing PostgreSQL code, enabling seamless integration with various applications and tools. The database is particularly beneficial for sectors requiring trust and accountability, such as finance, software development, cybersecurity, regulated industries, AI systems, and supply chain management. Immudb has over 50 million downloads and supports a zero-trust approach to data management. The open-source version is available on GitHub.

AppWizard

May 5, 2026

Samsung Driving Insights app could be the backseat driver no one asked for

A newly leaked build of Samsung's One UI 9 reveals an app called Driving Insights, which uses artificial intelligence to provide personalized feedback on driving habits. The app analyzes driving behaviors through location tracking and AI algorithms, generating weekly summaries for users. It assesses aspects such as speed and braking intensity, and activates when a phone connects to a vehicle's Bluetooth. Users can filter reports by time and distance, receiving feedback ranging from commendations to constructive advice. The app will also monitor rapid acceleration and sharp turns. Driving Insights aims to enhance driving practices, but raises concerns about the reliability of AI-generated advice in promoting safe driving.

Winsage

May 5, 2026

April 2026 Windows Update Breaks Third-Party Backup Software by Blocking Vulnerable Driver

Microsoft will include the psmounterex.sys driver in its Vulnerable Driver Blocklist in the April 2026 security update, affecting third-party backup applications that use this driver for image mounting and Volume Shadow Copy Service (VSS) snapshots. This decision addresses CVE-2023-43896, a critical buffer overflow vulnerability. Affected software includes Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup on Windows 11, Windows 10, and Windows Server platforms. Users may face issues during image-mount operations, receiving error messages related to VSS timeouts and Code Integrity errors in the Event Viewer. To check if a system is affected, users can look for Event ID 3077 in the Code Integrity Operational log. Microsoft recommends upgrading to newer versions of backup applications that do not use blocked drivers and advises against uninstalling or delaying the April update. Additionally, the update may cause certain Windows Server 2025 devices to boot into BitLocker recovery mode and has led to out-of-band updates for Windows Server update failures and restart loops on domain controllers.

AppWizard

May 5, 2026

Google Messages may soon solve your dark viewfinder struggles

Google is introducing a feature called Low Light Boost for its messaging platform's in-app camera preview, aimed at improving visibility in dim lighting. This feature brightens the viewfinder in real-time, allowing users to frame their shots better before taking a photo. Low Light Boost adjusts brightness based on surrounding light conditions and operates instantly, unlike traditional Night Mode. There are two methods for implementing Low Light Boost: 1. Low-Light Boost AE Mode, a hardware-level auto-exposure mode available on devices running Android 15 or later, specifically on Pixel 10 devices. 2. Google Low Light Boost, a software-based solution (HDRNet) for devices that do not support AE mode, enhancing brightness through post-processing techniques. The latest beta version of Google Messages, v20260501, includes code hints for the integration of Low Light Boost, although it is not yet fully operational. The feature enhances the viewfinder experience but does not affect the quality of the final image, which requires a separate Night Mode.

Winsage

May 5, 2026

Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say

Researchers at Striga have identified two vulnerabilities (CVE-2026-42248 and CVE-2026-42249) in Ollama’s Windows auto-updater that could allow an attacker to install a persistent executable that runs at user login. CVE-2026-42248 fails to properly verify signatures of downloaded content, while CVE-2026-42249 is a path traversal flaw that allows an attacker to inject malicious code into the user's Startup folder. Exploitation requires control over the update response, with potential methods including compromising the update infrastructure or redirecting the client. The vulnerabilities affect Ollama versions 0.12.10 through 0.17.5, and users are advised to disable auto-updates and remove shortcuts from the Startup folder to mitigate risks.

TrendTechie

May 5, 2026

Выпуск qBittorrent 5.2.0

qBittorrent 5.2.0 was released on May 3, 2026, as an open-source torrent client developed with the Qt toolkit. It is available for Linux, Windows, and macOS, and its source code is on GitHub under the GPLv2+ license. The project started with version 4.0 in November 2017, followed by versions 5.0 in September 2024 and 5.1 in April 2025. Key features include an integrated search engine, RSS feed subscription, remote management, and advanced torrent settings. Version 5.2.0 includes enhancements such as an advanced tracker status filter, removal of subcategory restrictions, asynchronous block calculations, reduced resume times for paused downloads, configurable RSS feed refresh times, SOCKS4/SOCKS4a proxy support for the search engine, and various improvements to the web interface and user customization options. Support for builds with Qt 6.5 has been discontinued.

Tech Optimizer

May 5, 2026

AI finds 20-year-old bugs in PostgreSQL and MariaDB

Patches have been released for all identified vulnerabilities in PostgreSQL and MariaDB, with strong recommendations for users to upgrade to the latest fixed versions. A zero-day flaw in PostgreSQL, classified as CVE-2026-2005, is a heap-based buffer overflow issue in the "pgcrypto" extension. This vulnerability allows attackers to exploit specially crafted input, leading to out-of-bounds writes and potential remote code execution on the database server. It affects all supported versions of PostgreSQL and has been addressed in updates v18.2, v17.8, v16.12, v15.16, and v14.21. The flaw has a high-severity rating of CVSS 8.8 out of 10 and has existed since 2005.